Merge branch 'master' into kikeflare

haproxy/dataplaneapi.hcl

@@ -1,23 +1,34 @@
 config_version = 2
+
 name = "basedflare"
+
 mode = "single"
 
 dataplaneapi {
   host = "127.0.0.1"
   port = 2001
+
   user "admin" {
     insecure = true
     password = "admin"
   }
+
   transaction {
     transaction_dir = "/tmp/haproxy"
   }
+
+  resources {
+    maps_dir      = "/etc/haproxy/map"
+    ssl_certs_dir = "/etc/haproxy/ssl"
+  }
+
   advertised {}
 }
 
 haproxy {
   config_file = "/etc/haproxy/haproxy.cfg"
   haproxy_bin = "/usr/local/sbin/haproxy"
+
   reload {
     reload_delay    = 5
     reload_cmd      = "service haproxy reload"

haproxy/haproxy.cfg

@@ -2,7 +2,8 @@ global
 	daemon
 	maxconn 256
 	log stdout  format raw  local0  debug
-	lua-load-per-thread /etc/haproxy/scripts/register.lua
+	lua-load /etc/haproxy/scripts/register-servers.lua
+	lua-load-per-thread /etc/haproxy/scripts/register-bot-check.lua
 	stats socket /var/run/haproxy.sock mode 666 level admin
 	stats socket 127.0.0.1:1999 level admin
 	httpclient.ssl.verify none
@@ -18,21 +19,21 @@ defaults
 	timeout server 50000ms
 	timeout tarpit 5000ms
 
-# program api
-	# command dataplaneapi -f /etc/haproxy/dataplaneapi.hcl --update-map-files
-	# no option start-on-reload
-# 
-# frontend stats-frontend
-	# bind *:2000
-	# option tcplog
-	# mode tcp
-	# acl white_list src 127.0.0.1
-	# tcp-request connection reject unless white_list
-	# default_backend stats-backend
-# 
-# backend stats-backend
-	# mode tcp
-	# server stats-localhost 127.0.0.1:1999
+program api
+	command dataplaneapi -f /etc/haproxy/dataplaneapi.hcl --update-map-files
+	no option start-on-reload
+
+frontend stats-frontend
+	bind 127.0.0.1:2000
+	option tcplog
+	mode tcp
+	acl white_list src 127.0.0.1
+	tcp-request connection reject unless white_list
+	default_backend stats-backend
+
+backend stats-backend
+	mode tcp
+	server stats-localhost 127.0.0.1:1999
 
 frontend http-in
 
@@ -64,7 +65,7 @@ frontend http-in
 	acl is_excluded path /favicon.ico #add more
 
 	# acl ORs for when ddos_mode_enabled
-	acl ddos_mode_enabled_override hdr_cnt(xr3la1rfFc) eq 0
+	acl ddos_mode_enabled_override str("true"),map(/etc/haproxy/map/ddos_global.map) -m found
 	acl ddos_mode_enabled hdr(host),lower,map(/etc/haproxy/map/ddos.map) -m bool
 	acl ddos_mode_enabled base,map(/etc/haproxy/map/ddos.map) -m bool
 
@@ -97,6 +98,12 @@ frontend http-in
 	http-response set-header X-Cache-Status HIT if !{ srv_id -m found }
 	http-response set-header X-Cache-Status MISS if { srv_id -m found }
 
+	# simple example cache for files
+	http-request set-var(txn.path) path
+	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
+	http-request cache-use basic_cache if can_cache
+	http-response cache-store basic_cache if can_cache
+
 	default_backend servers
 
 cache basic_cache
@@ -105,15 +112,6 @@ cache basic_cache
 	max-age 86400
 
 backend servers
-
-	# simple example cache for files
-	http-request set-var(txn.path) path
-	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
-	http-request cache-use basic_cache if can_cache
-	http-response cache-store basic_cache if can_cache
-
-	# placeholder servers, activated by LUA or the control panel
-    server-template websrv 1-100 0.0.0.0:80 check disabled
 	# use server based on hostname
 	use-server %[req.hdr(host),lower,map(/etc/haproxy/map/backends.map)] if TRUE
 

haproxy/map/backends.map

@@ -1 +1,2 @@
-localhost websrv1
+127.0.0.1 websrv1
+localhost websrv2

haproxy/map/ddos.map

@@ -1,2 +0,0 @@
-localhost 1
-localhost/test 2

haproxy/map/hosts.map

@@ -1 +1,2 @@
+127.0.0.1 127.0.0.1:81
 localhost 127.0.0.1:81

haproxy/template/trace.txt

@@ -5,6 +5,7 @@ uag=%[req.fhdr(user-agent)]
 http=%HV
 tls=%[ssl_fc]
 tlsv=%sslv
+tlsf=%[ssl_c_sha1,hex]
 sni=%[ssl_fc_sni]
 vey_id=%[env(RAY_ID)]
 expiry=%[env(CHALLENGE_EXPIRY)]